Module: SeccompTools::Disasm

Defined in:
lib/seccomp-tools/disasm/disasm.rb,
lib/seccomp-tools/disasm/context.rb

Overview

Disassembler of seccomp BPF.

Defined Under Namespace

Classes: Context

Class Method Summary

Class Method Details

.disasm(raw, arch: nil, display_bpf: true, arg_infer: true) ⇒ Object

Disassemble BPF codes.

Parameters:

  • raw (String)

    The raw BPF bytes.

  • arch (Symbol) (defaults to: nil)

    Architecture.

  • display_bpf (Boolean) (defaults to: true)
  • arg_infer (Boolean) (defaults to: true)


# File 'lib/seccomp-tools/disasm/disasm.rb', line 21

def disasm(raw, arch: nil, display_bpf: true, arg_infer: true)
  codes = to_bpf(raw, arch)
  contexts = Array.new(codes.size) { Set.new }
  contexts[0].add(Context.new)
  # all we care about is whether A is data[*]
  dis = codes.zip(contexts).map do |code, ctxs|
    ctxs.each do |ctx|
      code.branch(ctx) do |pc, c|
        contexts[pc].add(c) unless pc >= contexts.size
      end
    end
    code.contexts = ctxs
    code.disasm(code: display_bpf, arg_infer:)
  end.join("\n")
  if display_bpf
    <<-EOS
 line  CODE  JT   JF      K
=================================
#{dis}
    EOS
  else
    "#{dis}\n"
  end
end

.to_bpf(raw, arch) ⇒ Array<BPF>

Convert raw BPF string to array of BPF.

Parameters:

  • raw (String)
  • arch (Symbol)

Returns:

  • (Array<BPF>)

# File 'lib/seccomp-tools/disasm/disasm.rb', line 50

def to_bpf(raw, arch)
  arch ||= Util.system_arch
  raw.scan(/.{8}/m).map.with_index { |b, i| BPF.new(b, arch, i) }
end
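
The 8-byte chunking that to_bpf performs, as an added example that is not seccomp-tools code: Insn, split_filter, out_of_range_jumps and SAMPLE are hypothetical names, the sample filter is constructed, and the decoding assumes a little-endian struct sock_filter (u16 code, u8 jt, u8 jf, u32 k). Unlike to_bpf it rejects a truncated tail, and it lists jumps that land past the end of the filter, the case disasm skips with its pc >= contexts.size guard.

```ruby
# Added example, not seccomp-tools code. Assumes little-endian struct sock_filter
# { u16 code; u8 jt; u8 jf; u32 k } and classic BPF opcode values.
Insn = Struct.new(:line, :code, :jt, :jf, :k)

BPF_JMP = 0x05 # instruction class, low 3 bits of code
BPF_JA  = 0x00 # unconditional jump, offset taken from k

# Same chunking as to_bpf (/.{8}/m), but a truncated tail is an error:
# String#scan would silently ignore the leftover bytes.
def split_filter(raw)
  raw = raw.b # treat the filter as bytes, not characters
  unless (raw.bytesize % 8).zero?
    raise ArgumentError, "length #{raw.bytesize} is not a multiple of 8"
  end

  raw.scan(/.{8}/m).map.with_index { |b, i| Insn.new(i, *b.unpack('S<CCL<')) }
end

# Line numbers of jump instructions with a target outside the filter.
def out_of_range_jumps(insns)
  bad = insns.select do |ins|
    next false unless (ins.code & 0x07) == BPF_JMP

    offsets = (ins.code & 0xf0) == BPF_JA ? [ins.k] : [ins.jt, ins.jf]
    offsets.any? { |off| ins.line + 1 + off >= insns.size }
  end
  bad.map(&:line)
end

# Constructed sample: check the arch, kill on syscall 10, allow the rest.
SAMPLE = [
  [0x20, 0, 0, 4],           # A = data[4] (arch)
  [0x15, 0, 3, 0xc000003e],  # if A != 0xc000003e goto 5
  [0x20, 0, 0, 0],           # A = data[0] (syscall number)
  [0x15, 1, 0, 10],          # if A == 10 goto 5
  [0x06, 0, 0, 0x7fff0000],  # return ALLOW
  [0x06, 0, 0, 0]            # return KILL
].map { |fields| fields.pack('S<CCL<') }.join

if $PROGRAM_NAME == __FILE__
  split_filter(SAMPLE).each do |i|
    puts format(' %04d: 0x%02x 0x%02x 0x%02x 0x%08x', i.line, i.code, i.jt, i.jf, i.k)
  end
  puts "out-of-range jumps: #{out_of_range_jumps(split_filter(SAMPLE)).inspect}"
end
```

The m flag in the pattern matters: line 3 of SAMPLE has k = 10, which packs to a 0x0a byte, and without m the . would not match it and the later chunks would misalign.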